Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2023-50436
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-29
CVE-2023-50437
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-02-29
CVE-2023-49930
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-29
CVE-2023-49931
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-29
CVE-2023-49932
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.
CVSS Score
5.4
EPSS Score
0.005
Published
2024-02-29
CVE-2023-49337
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)
CVSS Score
2.4
EPSS Score
0.005
Published
2024-02-29
CVE-2023-48650
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.
CVSS Score
4.8
EPSS Score
0.011
Published
2024-02-29
CVE-2023-48651
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-02-29
CVE-2023-48653
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-02-29
CVE-2023-47634
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components.
CVSS Score
3.1
EPSS Score
0.003
Published
2024-02-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved